Skip to content

Is the Subject Access Right Now Too Great a Threat to Privacy?

Andrew Cormack


Legal and technological developments have brought new classes of data controller within the scope of European data protection law. Most of these have no direct relationship with the data subjects whose data they may process. This article considers the implications for the subject access duty: whether it still fulfils its original purposes and whether it creates new threats to privacy. Treating subject access as involving a conflict between the fundamental rights to data protection and privacy, the paper identifies a better balance and considers whether General Data Protection Regulation’s modified subject access right will achieve it.

Andrew Cormack is Chief Regulatory Adviser at Jisc Technologies, UK. For correspondence: <>


Lx-Number Search

(e.g. A | 000123 | 01)

Export Citation